CVE-2024-53855

Name of the Vulnerable Software and Affected Versions: Centurion ERP versions prior to 1.3.1

Description: A user with view permissions for a ticket can view the tickets of another organization they are not a part of, if they have specific permissions such as view ticket change, view ticket incident, view ticket request, or view ticket problem. This issue is applicable when browsing the API endpoints for the tickets in question and does not affect the Centurion UI or Project Tasks.

Recommendations: For versions prior to 1.3.1, upgrade to release version 1.3.1 to address the issue. As a temporary workaround, consider removing the ticket view permissions from users to alleviate this vulnerability.